mongodb · RafaelCenzano · Jan 9, 2026 · Jan 2, 2026 · Jan 2, 2026 · Jan 2, 2026
@@ -651,15 +651,16 @@ func (c *Client) newMongoCrypt(opts *options.AutoEncryptionOptions) (*mongocrypt
 	bypassAutoEncryption := opts.BypassAutoEncryption != nil && *opts.BypassAutoEncryption
 	bypassQueryAnalysis := opts.BypassQueryAnalysis != nil && *opts.BypassQueryAnalysis
 
-	mc, err := mongocrypt.NewMongoCrypt(mcopts.MongoCrypt().
-		SetKmsProviders(kmsProviders).
-		SetLocalSchemaMap(cryptSchemaMap).
-		SetBypassQueryAnalysis(bypassQueryAnalysis).
-		SetEncryptedFieldsMap(cryptEncryptedFieldsMap).
-		SetCryptSharedLibDisabled(cryptSharedLibDisabled || bypassAutoEncryption).
-		SetCryptSharedLibOverridePath(cryptSharedLibPath).
-		SetHTTPClient(opts.HTTPClient).
-		SetKeyExpiration(opts.KeyExpiration))
+	mc, err := mongocrypt.NewMongoCrypt(&mcopts.MongoCryptOptions{
+		KmsProviders:               kmsProviders,
+		LocalSchemaMap:             cryptSchemaMap,
+		BypassQueryAnalysis:        bypassQueryAnalysis,
+		EncryptedFieldsMap:         cryptEncryptedFieldsMap,
+		CryptSharedLibDisabled:     cryptSharedLibDisabled || bypassAutoEncryption,
+		CryptSharedLibOverridePath: cryptSharedLibPath,
+		HTTPClient:                 opts.HTTPClient,
+		KeyExpiration:              opts.KeyExpiration,
+	})
 	if err != nil {
 		return nil, err
 	}

@@ -53,14 +53,15 @@ func NewClientEncryption(keyVaultClient *Client, opts ...options.Lister[options.
 		return nil, fmt.Errorf("error creating KMS providers map: %w", err)
 	}
 
-	mc, err := mongocrypt.NewMongoCrypt(mcopts.MongoCrypt().
-		SetKmsProviders(kmsProviders).
+	mc, err := mongocrypt.NewMongoCrypt(&mcopts.MongoCryptOptions{
+		KmsProviders: kmsProviders,
 		// Explicitly disable loading the crypt_shared library for the Crypt used for
 		// ClientEncryption because it's only needed for AutoEncryption and we don't expect users to
 		// have the crypt_shared library installed if they're using ClientEncryption.
-		SetCryptSharedLibDisabled(true).
-		SetHTTPClient(cea.HTTPClient).
-		SetKeyExpiration(cea.KeyExpiration))
+		CryptSharedLibDisabled: true,
+		HTTPClient:             cea.HTTPClient,
+		KeyExpiration:          cea.KeyExpiration,
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -173,7 +174,9 @@ func (ce *ClientEncryption) CreateDataKey(
 		return bson.Binary{}, fmt.Errorf("failed to construct options from builder: %w", err)
 	}
 
-	co := mcopts.DataKey().SetKeyAltNames(args.KeyAltNames)
+	co := &mcopts.DataKeyOptions{
+		KeyAltNames: args.KeyAltNames,
+	}
 	if args.MasterKey != nil {
 		keyDoc, err := marshal(
 			args.MasterKey,
@@ -182,10 +185,10 @@ func (ce *ClientEncryption) CreateDataKey(
 		if err != nil {
 			return bson.Binary{}, err
 		}
-		co.SetMasterKey(keyDoc)
+		co.MasterKey = keyDoc
 	}
 	if args.KeyMaterial != nil {
-		co.SetKeyMaterial(args.KeyMaterial)
+		co.KeyMaterial = args.KeyMaterial
 	}
 
 	// create data key document
@@ -208,18 +211,18 @@ func (ce *ClientEncryption) CreateDataKey(
 func transformExplicitEncryptionOptions(opts ...options.Lister[options.EncryptOptions]) *mcopts.ExplicitEncryptionOptions {
 	args, _ := mongoutil.NewOptions[options.EncryptOptions](opts...)
 
-	transformed := mcopts.ExplicitEncryption()
+	transformed := &mcopts.ExplicitEncryptionOptions{}
 	if args.KeyID != nil {
-		transformed.SetKeyID(*args.KeyID)
+		transformed.KeyID = args.KeyID
 	}
 	if args.KeyAltName != nil {
-		transformed.SetKeyAltName(*args.KeyAltName)
+		transformed.KeyAltName = args.KeyAltName
 	}
-	transformed.SetAlgorithm(args.Algorithm)
-	transformed.SetQueryType(args.QueryType)
+	transformed.Algorithm = args.Algorithm
+	transformed.QueryType = args.QueryType
 
 	if args.ContentionFactor != nil {
-		transformed.SetContentionFactor(*args.ContentionFactor)
+		transformed.ContentionFactor = args.ContentionFactor
 	}
 
 	if args.RangeOptions != nil {
@@ -241,7 +244,7 @@ func transformExplicitEncryptionOptions(opts ...options.Lister[options.EncryptOp
 		if rangeArgs.TrimFactor != nil {
 			transformedRange.TrimFactor = rangeArgs.TrimFactor
 		}
-		transformed.SetRangeOptions(transformedRange)
+		transformed.RangeOptions = &transformedRange
 	}
 	return transformed
 }
@@ -468,7 +471,7 @@ func (ce *ClientEncryption) RewrapManyDataKey(
 	}
 
 	// Transfer rmdko options to /x/ package options to publish the mongocrypt feed.
-	co := mcopts.RewrapManyDataKey()
+	co := &mcopts.RewrapManyDataKeyOptions{}
 	if args.MasterKey != nil {
 		keyDoc, err := marshal(
 			args.MasterKey,
@@ -477,10 +480,10 @@ func (ce *ClientEncryption) RewrapManyDataKey(
 		if err != nil {
 			return nil, err
 		}
-		co.SetMasterKey(keyDoc)
+		co.MasterKey = keyDoc
 	}
 	if args.Provider != nil {
-		co.SetProvider(*args.Provider)
+		co.Provider = args.Provider
 	}
 
 	// Prepare the filters and rewrap the data key using mongocrypt.

@@ -70,7 +70,7 @@ func createEncryptedDocForBench(b *testing.B, crypt *MongoCrypt, iter int) bsonc
 		Data:    []byte("aaaaaaaaaaaaaaaa"),
 	}
 
-	encryptOpts := options.ExplicitEncryption().SetAlgorithm(algorithm).SetKeyID(keyID)
+	encryptOpts := &options.ExplicitEncryptionOptions{Algorithm: algorithm, KeyID: &keyID}
 	doc := bsoncore.NewDocumentBuilder().AppendString("v", fmt.Sprintf("value %04v", iter)).Build()
 
 	encryptCtx, err := crypt.CreateExplicitEncryptionContext(doc, encryptOpts)
@@ -141,7 +141,9 @@ func newCryptForBench(b *testing.B) *MongoCrypt {
 		AppendDocument("local", localProvider).
 		Build()
 
-	cryptOpts := options.MongoCrypt().SetKmsProviders(kmsProviders)
+	cryptOpts := &options.MongoCryptOptions{
+		KmsProviders: kmsProviders,
+	}
 
 	crypt, err := NewMongoCrypt(cryptOpts)
 

@@ -61,7 +61,9 @@ func createMongoCrypt(t *testing.T) *MongoCrypt {
 		AppendDocument("local", localProvider).
 		Build()
 
-	cryptOpts := options.MongoCrypt().SetKmsProviders(kmsProviders)
+	cryptOpts := &options.MongoCryptOptions{
+		KmsProviders: kmsProviders,
+	}
 	crypt, err := NewMongoCrypt(cryptOpts)
 	noerr(t, err)
 	if crypt == nil {
@@ -216,7 +218,10 @@ func TestMongoCrypt(t *testing.T) {
 				AppendString("secretAccessKey", "example").
 				FinishDocument().
 				Build()
-			cryptOpts := options.MongoCrypt().SetKmsProviders(kmsProviders).SetLocalSchemaMap(schemaMap)
+			cryptOpts := &options.MongoCryptOptions{
+				KmsProviders:   kmsProviders,
+				LocalSchemaMap: schemaMap,
+			}
 			crypt, err := NewMongoCrypt(cryptOpts)
 			noerr(t, err)
 			defer crypt.Close()
@@ -289,7 +294,7 @@ func TestMongoCrypt(t *testing.T) {
 		masterKey, _ = bsoncore.AppendDocumentEnd(masterKey, midx)
 
 		// create data key context and check initial state
-		dataKeyOpts := options.DataKey().SetMasterKey(masterKey)
+		dataKeyOpts := &options.DataKeyOptions{MasterKey: masterKey}
 		dataKeyCtx, err := crypt.CreateDataKeyContext("local", dataKeyOpts)
 		noerr(t, err)
 		defer dataKeyCtx.Close()
@@ -320,7 +325,7 @@ func TestMongoCrypt(t *testing.T) {
 				Subtype: 0x04, // 0x04 is UUID subtype
 				Data:    []byte("aaaaaaaaaaaaaaaa"),
 			}
-			opts := options.ExplicitEncryption().SetKeyID(keyID).SetAlgorithm(algorithm)
+			opts := &options.ExplicitEncryptionOptions{KeyID: &keyID, Algorithm: algorithm}
 			encryptCtx, err := crypt.CreateExplicitEncryptionContext(originalDoc, opts)
 			noerr(t, err)
 			defer encryptCtx.Close()
@@ -353,7 +358,8 @@ func TestMongoCrypt(t *testing.T) {
 			defer crypt.Close()
 
 			// create explicit encryption context and check initial state
-			opts := options.ExplicitEncryption().SetKeyAltName("altKeyName").SetAlgorithm(algorithm)
+			keyAltName := "altKeyName"
+			opts := &options.ExplicitEncryptionOptions{KeyAltName: &keyAltName, Algorithm: algorithm}
 			encryptCtx, err := crypt.CreateExplicitEncryptionContext(originalDoc, opts)
 			noerr(t, err)
 			defer encryptCtx.Close()

@@ -18,29 +18,6 @@ type DataKeyOptions struct {
 	MasterKey   bsoncore.Document
 }
 
-// DataKey creates a new DataKeyOptions instance.
-func DataKey() *DataKeyOptions {
-	return &DataKeyOptions{}
-}
-
-// SetKeyAltNames specifies alternate key names.
-func (dko *DataKeyOptions) SetKeyAltNames(names []string) *DataKeyOptions {
-	dko.KeyAltNames = names
-	return dko
-}
-
-// SetMasterKey specifies the master key.
-func (dko *DataKeyOptions) SetMasterKey(key bsoncore.Document) *DataKeyOptions {
-	dko.MasterKey = key
-	return dko
-}
-
-// SetKeyMaterial specifies the key material.
-func (dko *DataKeyOptions) SetKeyMaterial(keyMaterial []byte) *DataKeyOptions {
-	dko.KeyMaterial = keyMaterial
-	return dko
-}
-
 // QueryType describes the type of query the result of Encrypt is used for.
 type QueryType int
 
@@ -68,47 +45,6 @@ type ExplicitRangeOptions struct {
 	Precision  *int32
 }
 
-// ExplicitEncryption creates a new ExplicitEncryptionOptions instance.
-func ExplicitEncryption() *ExplicitEncryptionOptions {
-	return &ExplicitEncryptionOptions{}
-}
-
-// SetKeyID sets the key identifier.
-func (eeo *ExplicitEncryptionOptions) SetKeyID(keyID bson.Binary) *ExplicitEncryptionOptions {
-	eeo.KeyID = &keyID
-	return eeo
-}
-
-// SetKeyAltName sets the key alternative name.
-func (eeo *ExplicitEncryptionOptions) SetKeyAltName(keyAltName string) *ExplicitEncryptionOptions {
-	eeo.KeyAltName = &keyAltName
-	return eeo
-}
-
-// SetAlgorithm specifies an encryption algorithm.
-func (eeo *ExplicitEncryptionOptions) SetAlgorithm(algorithm string) *ExplicitEncryptionOptions {
-	eeo.Algorithm = algorithm
-	return eeo
-}
-
-// SetQueryType specifies the query type.
-func (eeo *ExplicitEncryptionOptions) SetQueryType(queryType string) *ExplicitEncryptionOptions {
-	eeo.QueryType = queryType
-	return eeo
-}
-
-// SetContentionFactor specifies the contention factor.
-func (eeo *ExplicitEncryptionOptions) SetContentionFactor(contentionFactor int64) *ExplicitEncryptionOptions {
-	eeo.ContentionFactor = &contentionFactor
-	return eeo
-}
-
-// SetRangeOptions specifies the range options.
-func (eeo *ExplicitEncryptionOptions) SetRangeOptions(ro ExplicitRangeOptions) *ExplicitEncryptionOptions {
-	eeo.RangeOptions = &ro
-	return eeo
-}
-
 // RewrapManyDataKeyOptions represents all possible options used to decrypt and encrypt all matching data keys with a
 // possibly new masterKey.
 type RewrapManyDataKeyOptions struct {
@@ -118,20 +54,3 @@ type RewrapManyDataKeyOptions struct {
 	// MasterKey identifies the new masterKey. If omitted, rewraps with the current masterKey.
 	MasterKey bsoncore.Document
 }
-
-// RewrapManyDataKey creates a new RewrapManyDataKeyOptions instance.
-func RewrapManyDataKey() *RewrapManyDataKeyOptions {
-	return new(RewrapManyDataKeyOptions)
-}
-
-// SetProvider sets the value for the Provider field.
-func (rmdko *RewrapManyDataKeyOptions) SetProvider(provider string) *RewrapManyDataKeyOptions {
-	rmdko.Provider = &provider
-	return rmdko
-}
-
-// SetMasterKey sets the value for the MasterKey field.
-func (rmdko *RewrapManyDataKeyOptions) SetMasterKey(masterKey bsoncore.Document) *RewrapManyDataKeyOptions {
-	rmdko.MasterKey = masterKey
-	return rmdko
-}
@@ -24,58 +24,3 @@ type MongoCryptOptions struct {
 	HTTPClient                 *http.Client
 	KeyExpiration              *time.Duration
 }
-
-// MongoCrypt creates a new MongoCryptOptions instance.
-func MongoCrypt() *MongoCryptOptions {
-	return &MongoCryptOptions{}
-}
-
-// SetKmsProviders specifies the KMS providers map.
-func (mo *MongoCryptOptions) SetKmsProviders(kmsProviders bsoncore.Document) *MongoCryptOptions {
-	mo.KmsProviders = kmsProviders
-	return mo
-}
-
-// SetLocalSchemaMap specifies the local schema map.
-func (mo *MongoCryptOptions) SetLocalSchemaMap(localSchemaMap map[string]bsoncore.Document) *MongoCryptOptions {
-	mo.LocalSchemaMap = localSchemaMap
-	return mo
-}
-
-// SetBypassQueryAnalysis skips the NeedMongoMarkings state.
-func (mo *MongoCryptOptions) SetBypassQueryAnalysis(bypassQueryAnalysis bool) *MongoCryptOptions {
-	mo.BypassQueryAnalysis = bypassQueryAnalysis
-	return mo
-}
-
-// SetEncryptedFieldsMap specifies the encrypted fields map.
-func (mo *MongoCryptOptions) SetEncryptedFieldsMap(efcMap map[string]bsoncore.Document) *MongoCryptOptions {
-	mo.EncryptedFieldsMap = efcMap
-	return mo
-}
-
-// SetCryptSharedLibDisabled explicitly disables loading the crypt_shared library if set to true.
-func (mo *MongoCryptOptions) SetCryptSharedLibDisabled(disabled bool) *MongoCryptOptions {
-	mo.CryptSharedLibDisabled = disabled
-	return mo
-}
-
-// SetCryptSharedLibOverridePath sets the override path to the crypt_shared library file. Setting
-// an override path disables the default operating system dynamic library search path.
-func (mo *MongoCryptOptions) SetCryptSharedLibOverridePath(path string) *MongoCryptOptions {
-	mo.CryptSharedLibOverridePath = path
-	return mo
-}
-
-// SetHTTPClient sets the http client.
-func (mo *MongoCryptOptions) SetHTTPClient(httpClient *http.Client) *MongoCryptOptions {
-	mo.HTTPClient = httpClient
-	return mo
-}
-
-// SetKeyExpiration sets the key expiration duration. 0 means "never expire".
-// The granularity is in milliseconds. Any sub-millisecond fraction will be rounded up.
-func (mo *MongoCryptOptions) SetKeyExpiration(expiration *time.Duration) *MongoCryptOptions {
-	mo.KeyExpiration = expiration
-	return mo
-}